FinCEN Issues Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime

October 28, 2016 at 4:34 pm

Written by: Jennifer Salisbury

On Tuesday, October 25, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advisory to explain how regulations and requirements of the Bank Secrecy Act (the “BSA”) apply to cyber-events, cyber-enabled crime, and cyber-related information.

Under the BSA, a financial institution must file a Suspicious Activity Report (a “SAR”) in the event of any successful or unsuccessful cyber-event that poses or posed at least a $5,000 risk to such institution. Further, a SAR must be filed for any cyber-event that a financial institution knows or at all suspects was intended to influence a transaction or a series of transactions at such institution.  A cyber-event is an attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.  In determining whether to report any cyber-event, a financial institution should take into consideration any information it has that relates at all to the cyber-event and should aggregate any funds and/or assets that were involved or put at all at risk by the cyber-event.  FinCEN also encourages any financial institution that discovers any cyber-event that falls outside of the mandatory SAR threshold to consider voluntarily filing a SAR because the information can still provide value to law enforcement investigations.

When filing a mandatory SAR, a financial institution should include any cyber-related information available to it. FinCEN also encourages any cyber-related information be included in the filing of any voluntary SAR.  Some examples of cyber-related information are IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information.  Both mandatory and voluntary SARs should include complete and accurate information including, to the extent available: a description and magnitude of the event; known or suspected time, location, and characteristics or signatures of the event; indicators of compromise; relevant IP addresses and their timestamps; device identifiers; methodologies used; and any other information the financial institution believes is relevant.

In addition, financial institutions should always ensure that they comply with any other cyber-related SAR requirements that might be imposed by their respective functional regulators.

To view the full text of the FinCEN Advisory, click here.

Entry filed under: BSA/AML, Client Alerts, Financial Institutions, Privacy/Data Security, Regulatory Guidance. Tags: , , , , .

Proposal to Streamline Call Reports for Community Banks CFPB Reissues Guidance on Supervised Bank and Non-Bank Relationship with Third-Party Service Providers


Enter your email address to follow this blog and receive notifications of new posts by email.

Produced & Maintained By

Stinson Leonard Street Logo

Categories

A legal resource for Banking & Financial Services

Archives


%d bloggers like this: